Cyber Security Incident Response Manager



Agoda is the largest and fastest growing online hotel booking platform in Asia and as a Booking Holdings company, we are part of the largest online travel company in the world. Technology is not just what we do – it’s at the heart of who we are. We have the dynamism and short chain of command of a start-up and the capital to make things happen. We love innovation and putting new technologies to work to extend our lead on the competition.

Working in one of the largest international Internet employers headquartered in Asia, your work has an impact on what we do around the globe. We move fast – why wait ages to see your ideas go live? Work on tough challenges, safe in the knowledge that you are surrounded by people as smart as you are (if not smarter!) to help solve them. And while we’re on the subject, Agoda people come from over 80 countries: It’s an incredible technical creative melting pot.


The Role:

We are seeking a strong leader who can deliver and maintain a sound security operations and incident response team to rapidly fight cyber criminals who are looking to attack us.

In your role, you will be working closely to/and reporting to the Director of IT Security and Compliance for strategic planning to deliver best in class incident response while adapting to work in a fast-pace and agile environment like ours.

Implement/maintain solid tactics, tooling and processes and procedures for operating a successful incident response team.



You would have had industry experienced/knowledgeable in Incident Response, whether as IR specialist or first responder and high technical competency to understand how to stand up the security operations architecture for effective visibility, detection and mitigation to enable a successful kill chain needed during incidents.

With the ability to strategize and lead Incident engagements with all staffing levels. You hold a clear understanding of the right people, processes and technology needed to make this happen

On the ground level, your job is to keep attacks from occurring and/or prevent them from getting worse. During the course of your day, you may be required to:

  • Engage with other business units regarding various IR improvements
  • Reports to the Director of IT Security and Compliance for daily incident updates during ongoing ones
  • Actively monitor systems and networks for intrusions
  • Identify TTP gaps and methods of addressing them working with CISO
  • Be connected with emerging threats, security flaws and vulnerabilities
  • Develop a procedural set of responses to security problems
  • Establish protocols for communication within an organization and dealings with law enforcement during security incidents
  • Create a program development plan that includes security gap assessments, policies, procedures, playbooks, training and tabletop testing
  • Produce detailed incident reports and technical briefs for management, administrators and end-users
  • Liaison with other cyber threat analysis entities
  • Manage the Incident Response team


  • 7+ years of experience in cyber security and Incident response field
  • 5+ years of experience in creating SOC center and/or instrumental in managing a success SOC
  • 5+ years of experience in managing people & setting objectives, KPIs with deadline for them
  • Work experience within a multicultural environment would be beneficial
  • Thorough understanding of cyber security frameworks, such as NIST CSF, CIS CSC etc.
  • Desirable knowledge of various compliance such as PCI DSS, SOX and GDPR is advantageous
  • Great knowledge of cyber security. You are passionate about your field and what you don’t know about cyber security, is just not worth knowing.
  • Strong experience in Incident response, running SOC and standing up security operations architecture for visibility, detection, containment and mitigation controls.
  • Certification of cybersecurity, Forensic and Incident response is a plus (CISSP, ECSA, GISP, GCIH, GCFE, GCFA)
  • Great knowledge in scripting (Python, Bash, PowerShell) 
  • Understanding the Attack life cycle
  • Knowledge at Penetrating testing – advantage
  • This can be a stressful, pressure-packed job. We need you to be flexible, adaptable and down-to-earth and an expert in multi-tasking. Panickers and procrastinators need not apply.
  • Great oral and communication skills within English.

We welcome applications from both local and international candidates - full relocation and visa sponsorship available.

Agoda is a Booking Holdings (BKNG) company, the world’s leading provider of brands that help people book great experiences through technology.


By applying to this job, you agree that Agoda may process your personal data in accordance with Agoda applicants privacy statement. (link to



#sanfrancisco #sanjose #losangeles #sandiego #oakland #miami #orlando #boston #seattle #newyork #sydney #perth #melbourne #vienna #minsk #saopaolo #toronto #montreal #vancouver #prague #shanghai #beijing #shenzhen #helsinki #paris #berlin #dublin #munich #hamburg #hongkong #budapest #telaviv #milan #rome #tokyo #osaka #amsterdam #warsaw #krakow  #bucharest #moscow #seoul #barcelona #madrid #stockholm #taipei #london #manchester #zurich #IT #4 #5 #LI-JA1


Back to top